Strix stores ~30 distinct attack methodologies as .md files in strix/skills/ — SQL injection, SSRF, XSS, IDOR, mobile testing, crypto, etc. Each file:
- Has a one-line trigger (when this skill matches)
- Has a structured methodology (numbered steps)
- Has examples (golden flows)
The agent’s loop is small. The agent’s brain is the skills directory. New methodologies arrive as PRs from researchers — no Python changes.
Why this is the right shape
Reviewability. A pentester who’s never seen Strix’s Python can read a methodology and review the PR.
Versionability. git log strix/skills/sql-injection.md shows how the methodology has evolved. No archaeology through prompt builders.
Locality. The skill, its trigger, its rationale — one file. Not distributed across multiple Python modules.
Forkability. A new project can lift a curated subset of skills as a starting library.
Why it took until ~2024 to appear
Three things had to be true:
- Long enough context windows that loading 30 skills is feasible.
- Prompt caching to make repeated loading cheap.
- Agent loops that are stable so you have somewhere for skills to plug in.
Before 2023, prompt windows were too small; before late 2023, caching was too immature.
How to copy the pattern
- Pick the skill domain (attack types, support workflows, code-review checklists, whatever).
- Define a tiny frontmatter:
name,trigger,priority. - Write 5-10 skills by hand to validate the pattern.
- Open the
skills/directory to PRs. - Add a trigger-matching layer (string match → simple LLM router) to the agent loop.
The loop becomes ~200 lines. The library grows to thousands. You’ve shifted the project’s gravity.
Sources
-
strix/00_overview.md:195? unverified -
strix/05_skills_and_prompts.md? unverified